Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 1 Sep 2021 04:29:02 GMT
From:      Jung-uk Kim <jkim@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 9a3ae0cdef9a - main - Import OpenSSL 1.1.1l
Message-ID:  <202109010429.1814T2xP021459@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch main has been updated by jkim:

URL: https://cgit.FreeBSD.org/src/commit/?id=9a3ae0cdef9ac9a4b8c5cc66305d9a516ce8d4a0

commit 9a3ae0cdef9ac9a4b8c5cc66305d9a516ce8d4a0
Author:     Jung-uk Kim <jkim@FreeBSD.org>
AuthorDate: 2021-09-01 04:26:38 +0000
Commit:     Jung-uk Kim <jkim@FreeBSD.org>
CommitDate: 2021-09-01 04:26:38 +0000

    Import OpenSSL 1.1.1l
---
 crypto/openssl/CHANGES                            |  65 ++++++++
 crypto/openssl/NEWS                               |   5 +
 crypto/openssl/README                             |   2 +-
 crypto/openssl/apps/crl2p7.c                      |  18 +-
 crypto/openssl/apps/enc.c                         |   4 +-
 crypto/openssl/apps/s_server.c                    |  13 +-
 crypto/openssl/apps/s_socket.c                    |  12 +-
 crypto/openssl/crypto/armcap.c                    |  15 ++
 crypto/openssl/crypto/asn1/a_object.c             |  15 +-
 crypto/openssl/crypto/asn1/a_strex.c              |   4 +-
 crypto/openssl/crypto/asn1/asn1_lib.c             |   2 +-
 crypto/openssl/crypto/asn1/bio_asn1.c             |   7 +-
 crypto/openssl/crypto/asn1/bio_ndef.c             |   3 +
 crypto/openssl/crypto/asn1/d2i_pr.c               |  73 +++++---
 crypto/openssl/crypto/asn1/t_spki.c               |   2 +-
 crypto/openssl/crypto/bio/b_addr.c                |   4 +-
 crypto/openssl/crypto/bio/b_sock2.c               |   5 +-
 crypto/openssl/crypto/bn/bn_div.c                 |   9 +-
 crypto/openssl/crypto/chacha/asm/chacha-x86_64.pl |  54 ++++--
 crypto/openssl/crypto/dsa/dsa_prn.c               |  14 +-
 crypto/openssl/crypto/ec/ec2_oct.c                |  43 ++++-
 crypto/openssl/crypto/ec/ec_asn1.c                |   2 +-
 crypto/openssl/crypto/err/openssl.txt             |   5 +
 crypto/openssl/crypto/evp/e_aes.c                 | 192 +++++++++++-----------
 crypto/openssl/crypto/evp/e_camellia.c            |  10 +-
 crypto/openssl/crypto/hmac/hm_ameth.c             |   5 +-
 crypto/openssl/crypto/pkcs12/p12_key.c            |   4 +-
 crypto/openssl/crypto/poly1305/poly1305_ameth.c   |   4 +-
 crypto/openssl/crypto/ppccap.c                    |   6 +
 crypto/openssl/crypto/rand/rand_unix.c            |  10 +-
 crypto/openssl/crypto/rsa/rsa_prn.c               |   8 +-
 crypto/openssl/crypto/siphash/siphash_ameth.c     |   4 +-
 crypto/openssl/crypto/sm2/sm2_crypt.c             |   2 +-
 crypto/openssl/crypto/sm2/sm2_pmeth.c             |   2 +-
 crypto/openssl/crypto/sparcv9cap.c                |   3 +-
 crypto/openssl/crypto/srp/srp_vfy.c               |  13 +-
 crypto/openssl/crypto/store/loader_file.c         |   3 +-
 crypto/openssl/crypto/ts/ts_rsp_verify.c          |   3 +-
 crypto/openssl/crypto/ts/ts_verify_ctx.c          |   4 +-
 crypto/openssl/crypto/uid.c                       |   8 +-
 crypto/openssl/crypto/x509/t_x509.c               |   6 +-
 crypto/openssl/crypto/x509/x509_vpm.c             |   6 +-
 crypto/openssl/crypto/x509v3/v3_akey.c            |  12 +-
 crypto/openssl/crypto/x509v3/v3_alt.c             |   2 +-
 crypto/openssl/crypto/x509v3/v3_cpols.c           |   2 +-
 crypto/openssl/crypto/x509v3/v3_ncons.c           |   2 +-
 crypto/openssl/crypto/x509v3/v3_pci.c             |   2 +-
 crypto/openssl/crypto/x509v3/v3_utl.c             |  13 +-
 crypto/openssl/crypto/x509v3/v3err.c              |   6 +-
 crypto/openssl/doc/man1/enc.pod                   |   4 +-
 crypto/openssl/doc/man1/s_client.pod              |   2 +-
 crypto/openssl/doc/man1/s_server.pod              |   2 +-
 crypto/openssl/doc/man3/BIO_f_ssl.pod             |   7 +-
 crypto/openssl/doc/man3/BIO_push.pod              |   6 +-
 crypto/openssl/doc/man3/BN_cmp.pod                |  41 +++--
 crypto/openssl/doc/man3/d2i_PrivateKey.pod        |   6 +-
 crypto/openssl/doc/man7/x509.pod                  |   6 +-
 crypto/openssl/include/crypto/sm2.h               |   2 +-
 crypto/openssl/include/crypto/x509.h              |   2 +-
 crypto/openssl/include/openssl/e_os2.h            |   5 +-
 crypto/openssl/include/openssl/opensslv.h         |   4 +-
 crypto/openssl/include/openssl/sslerr.h           |   5 +-
 crypto/openssl/include/openssl/x509v3err.h        |   4 +-
 crypto/openssl/ssl/bio_ssl.c                      |   3 +-
 crypto/openssl/ssl/d1_lib.c                       |   3 +-
 crypto/openssl/ssl/record/rec_layer_s3.c          |   8 +-
 crypto/openssl/ssl/record/ssl3_buffer.c           |   3 +-
 crypto/openssl/ssl/record/ssl3_record.c           |  36 ++--
 crypto/openssl/ssl/s3_msg.c                       |   4 +-
 crypto/openssl/ssl/ssl_cert.c                     |  35 ++--
 crypto/openssl/ssl/ssl_err.c                      |   7 +-
 crypto/openssl/ssl/ssl_lib.c                      |  59 ++++++-
 crypto/openssl/ssl/ssl_local.h                    |   2 +-
 crypto/openssl/ssl/statem/extensions.c            |  31 +++-
 crypto/openssl/ssl/statem/extensions_srvr.c       |   9 +-
 crypto/openssl/ssl/statem/statem_clnt.c           |   5 +-
 crypto/openssl/ssl/statem/statem_local.h          |   4 +-
 crypto/openssl/ssl/statem/statem_srvr.c           |   9 +-
 crypto/openssl/ssl/t1_lib.c                       |  11 +-
 79 files changed, 701 insertions(+), 332 deletions(-)

diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index 7f8057bb6f0a..fae493da34cf 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -7,6 +7,71 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.1k and 1.1.1l [24 Aug 2021]
+
+  *) Fixed an SM2 Decryption Buffer Overflow.
+
+     In order to decrypt SM2 encrypted data an application is expected to call the
+     API function EVP_PKEY_decrypt(). Typically an application will call this
+     function twice. The first time, on entry, the "out" parameter can be NULL and,
+     on exit, the "outlen" parameter is populated with the buffer size required to
+     hold the decrypted plaintext. The application can then allocate a sufficiently
+     sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL
+     value for the "out" parameter.
+
+     A bug in the implementation of the SM2 decryption code means that the
+     calculation of the buffer size required to hold the plaintext returned by the
+     first call to EVP_PKEY_decrypt() can be smaller than the actual size required by
+     the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is
+     called by the application a second time with a buffer that is too small.
+
+     A malicious attacker who is able present SM2 content for decryption to an
+     application could cause attacker chosen data to overflow the buffer by up to a
+     maximum of 62 bytes altering the contents of other data held after the
+     buffer, possibly changing application behaviour or causing the application to
+     crash. The location of the buffer is application dependent but is typically
+     heap allocated.
+     (CVE-2021-3711)
+     [Matt Caswell]
+
+  *) Fixed various read buffer overruns processing ASN.1 strings
+
+     ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING
+     structure which contains a buffer holding the string data and a field holding
+     the buffer length. This contrasts with normal C strings which are repesented as
+     a buffer for the string data which is terminated with a NUL (0) byte.
+
+     Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's
+     own "d2i" functions (and other similar parsing functions) as well as any string
+     whose value has been set with the ASN1_STRING_set() function will additionally
+     NUL terminate the byte array in the ASN1_STRING structure.
+
+     However, it is possible for applications to directly construct valid ASN1_STRING
+     structures which do not NUL terminate the byte array by directly setting the
+     "data" and "length" fields in the ASN1_STRING array. This can also happen by
+     using the ASN1_STRING_set0() function.
+
+     Numerous OpenSSL functions that print ASN.1 data have been found to assume that
+     the ASN1_STRING byte array will be NUL terminated, even though this is not
+     guaranteed for strings that have been directly constructed. Where an application
+     requests an ASN.1 structure to be printed, and where that ASN.1 structure
+     contains ASN1_STRINGs that have been directly constructed by the application
+     without NUL terminating the "data" field, then a read buffer overrun can occur.
+
+     The same thing can also occur during name constraints processing of certificates
+     (for example if a certificate has been directly constructed by the application
+     instead of loading it via the OpenSSL parsing functions, and the certificate
+     contains non NUL terminated ASN1_STRING structures). It can also occur in the
+     X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions.
+
+     If a malicious actor can cause an application to directly construct an
+     ASN1_STRING and then process it through one of the affected OpenSSL functions
+     then this issue could be hit. This might result in a crash (causing a Denial of
+     Service attack). It could also result in the disclosure of private memory
+     contents (such as private keys, or sensitive plaintext).
+     (CVE-2021-3712)
+     [Matt Caswell]
+
  Changes between 1.1.1j and 1.1.1k [25 Mar 2021]
 
   *) Fixed a problem with verifying a certificate chain when using the
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS
index 05991a0c214a..5a1207c66ed4 100644
--- a/crypto/openssl/NEWS
+++ b/crypto/openssl/NEWS
@@ -5,6 +5,11 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021]
+
+      o Fixed an SM2 Decryption Buffer Overflow (CVE-2021-3711)
+      o Fixed various read buffer overruns processing ASN.1 strings (CVE-2021-3712)
+
   Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021]
 
       o Fixed a problem with verifying a certificate chain when using the
diff --git a/crypto/openssl/README b/crypto/openssl/README
index b92a8bd3a4b5..7dc4e6790c34 100644
--- a/crypto/openssl/README
+++ b/crypto/openssl/README
@@ -1,5 +1,5 @@
 
- OpenSSL 1.1.1k 25 Mar 2021
+ OpenSSL 1.1.1l 24 Aug 2021
 
  Copyright (c) 1998-2021 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/openssl/apps/crl2p7.c b/crypto/openssl/apps/crl2p7.c
index 88fabcb22c36..3f619bf5278e 100644
--- a/crypto/openssl/apps/crl2p7.c
+++ b/crypto/openssl/apps/crl2p7.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -120,19 +120,20 @@ int crl2pkcs7_main(int argc, char **argv)
 
     if (!ASN1_INTEGER_set(p7s->version, 1))
         goto end;
-    if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
-        goto end;
-    p7s->crl = crl_stack;
+
     if (crl != NULL) {
+        if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
+            goto end;
+        p7s->crl = crl_stack;
         sk_X509_CRL_push(crl_stack, crl);
         crl = NULL;             /* now part of p7 for OPENSSL_freeing */
     }
 
-    if ((cert_stack = sk_X509_new_null()) == NULL)
-        goto end;
-    p7s->cert = cert_stack;
+    if (certflst != NULL) {
+        if ((cert_stack = sk_X509_new_null()) == NULL)
+            goto end;
+        p7s->cert = cert_stack;
 
-    if (certflst != NULL)
         for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
             certfile = sk_OPENSSL_STRING_value(certflst, i);
             if (add_certs_from_file(cert_stack, certfile) < 0) {
@@ -141,6 +142,7 @@ int crl2pkcs7_main(int argc, char **argv)
                 goto end;
             }
         }
+    }
 
     out = bio_open_default(outfile, 'w', outformat);
     if (out == NULL)
diff --git a/crypto/openssl/apps/enc.c b/crypto/openssl/apps/enc.c
index ddf51e0dba15..65710771a089 100644
--- a/crypto/openssl/apps/enc.c
+++ b/crypto/openssl/apps/enc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,7 +81,7 @@ const OPTIONS enc_options[] = {
     {"", OPT_CIPHER, '-', "Any supported cipher"},
     OPT_R_OPTIONS,
 #ifdef ZLIB
-    {"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
+    {"z", OPT_Z, '-', "Compress or decompress encrypted data using zlib"},
 #endif
 #ifndef OPENSSL_NO_ENGINE
     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c
index ddc0b4bcd76d..c11aeee440a2 100644
--- a/crypto/openssl/apps/s_server.c
+++ b/crypto/openssl/apps/s_server.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -133,6 +133,17 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
 
     if (s_debug)
         BIO_printf(bio_s_out, "psk_server_cb\n");
+
+    if (SSL_version(ssl) >= TLS1_3_VERSION) {
+        /*
+         * This callback is designed for use in TLSv1.2. It is possible to use
+         * a single callback for all protocol versions - but it is preferred to
+         * use a dedicated callback for TLSv1.3. For TLSv1.3 we have
+         * psk_find_session_cb.
+         */
+        return 0;
+    }
+
     if (identity == NULL) {
         BIO_printf(bio_err, "Error: client did not send PSK identity\n");
         goto out_err;
diff --git a/crypto/openssl/apps/s_socket.c b/crypto/openssl/apps/s_socket.c
index 76f928900207..aee366d5f457 100644
--- a/crypto/openssl/apps/s_socket.c
+++ b/crypto/openssl/apps/s_socket.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -214,6 +214,8 @@ int do_server(int *accept_sock, const char *host, const char *port,
     const BIO_ADDRINFO *next;
     int sock_family, sock_type, sock_protocol, sock_port;
     const BIO_ADDR *sock_address;
+    int sock_family_fallback = AF_UNSPEC;
+    const BIO_ADDR *sock_address_fallback = NULL;
     int sock_options = BIO_SOCK_REUSEADDR;
     int ret = 0;
 
@@ -244,6 +246,10 @@ int do_server(int *accept_sock, const char *host, const char *port,
             && BIO_ADDRINFO_protocol(next) == sock_protocol) {
         if (sock_family == AF_INET
                 && BIO_ADDRINFO_family(next) == AF_INET6) {
+            /* In case AF_INET6 is returned but not supported by the
+             * kernel, retry with the first detected address family */
+            sock_family_fallback = sock_family;
+            sock_address_fallback = sock_address;
             sock_family = AF_INET6;
             sock_address = BIO_ADDRINFO_address(next);
         } else if (sock_family == AF_INET6
@@ -253,6 +259,10 @@ int do_server(int *accept_sock, const char *host, const char *port,
     }
 
     asock = BIO_socket(sock_family, sock_type, sock_protocol, 0);
+    if (asock == INVALID_SOCKET && sock_family_fallback != AF_UNSPEC) {
+        asock = BIO_socket(sock_family_fallback, sock_type, sock_protocol, 0);
+        sock_address = sock_address_fallback;
+    }
     if (asock == INVALID_SOCKET
         || !BIO_listen(asock, sock_address, sock_options)) {
         BIO_ADDRINFO_free(res);
diff --git a/crypto/openssl/crypto/armcap.c b/crypto/openssl/crypto/armcap.c
index 8bf96f10214f..c5685bde5891 100644
--- a/crypto/openssl/crypto/armcap.c
+++ b/crypto/openssl/crypto/armcap.c
@@ -68,6 +68,12 @@ void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
 #   include <sys/auxv.h>
 #   define OSSL_IMPLEMENT_GETAUXVAL
 #  endif
+# elif defined(__ANDROID_API__)
+/* see https://developer.android.google.cn/ndk/guides/cpu-features */
+#  if __ANDROID_API__ >= 18
+#   include <sys/auxv.h>
+#   define OSSL_IMPLEMENT_GETAUXVAL
+#  endif
 # endif
 # if defined(__FreeBSD__)
 #  include <sys/param.h>
@@ -87,6 +93,15 @@ static unsigned long getauxval(unsigned long key)
 #  endif
 # endif
 
+/*
+ * Android: according to https://developer.android.com/ndk/guides/cpu-features,
+ * getauxval is supported starting with API level 18
+ */
+#  if defined(__ANDROID__) && defined(__ANDROID_API__) && __ANDROID_API__ >= 18
+#   include <sys/auxv.h>
+#   define OSSL_IMPLEMENT_GETAUXVAL
+#  endif
+
 /*
  * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
  * AArch64 used AT_HWCAP.
diff --git a/crypto/openssl/crypto/asn1/a_object.c b/crypto/openssl/crypto/asn1/a_object.c
index d67a723c9611..8ade9e50a7cb 100644
--- a/crypto/openssl/crypto/asn1/a_object.c
+++ b/crypto/openssl/crypto/asn1/a_object.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -286,16 +286,13 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
         }
     }
 
-    /*
-     * only the ASN1_OBJECTs from the 'table' will have values for ->sn or
-     * ->ln
-     */
     if ((a == NULL) || ((*a) == NULL) ||
         !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
         if ((ret = ASN1_OBJECT_new()) == NULL)
             return NULL;
-    } else
+    } else {
         ret = (*a);
+    }
 
     p = *pp;
     /* detach data from object */
@@ -313,6 +310,12 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
         ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
     }
     memcpy(data, p, length);
+    /* If there are dynamic strings, free them here, and clear the flag */
+    if ((ret->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) != 0) {
+        OPENSSL_free((char *)ret->sn);
+        OPENSSL_free((char *)ret->ln);
+        ret->flags &= ~ASN1_OBJECT_FLAG_DYNAMIC_STRINGS;
+    }
     /* reattach data to object, after which it remains const */
     ret->data = data;
     ret->length = length;
diff --git a/crypto/openssl/crypto/asn1/a_strex.c b/crypto/openssl/crypto/asn1/a_strex.c
index 4879b33785e9..284dde274c9f 100644
--- a/crypto/openssl/crypto/asn1/a_strex.c
+++ b/crypto/openssl/crypto/asn1/a_strex.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -280,6 +280,8 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
     t.type = str->type;
     t.value.ptr = (char *)str;
     der_len = i2d_ASN1_TYPE(&t, NULL);
+    if (der_len <= 0)
+        return -1;
     if ((der_buf = OPENSSL_malloc(der_len)) == NULL) {
         ASN1err(ASN1_F_DO_DUMP, ERR_R_MALLOC_FAILURE);
         return -1;
diff --git a/crypto/openssl/crypto/asn1/asn1_lib.c b/crypto/openssl/crypto/asn1/asn1_lib.c
index 8e62f3307443..3d99d1383d42 100644
--- a/crypto/openssl/crypto/asn1/asn1_lib.c
+++ b/crypto/openssl/crypto/asn1/asn1_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/crypto/asn1/bio_asn1.c b/crypto/openssl/crypto/asn1/bio_asn1.c
index 86ee56632305..914d77c866c6 100644
--- a/crypto/openssl/crypto/asn1/bio_asn1.c
+++ b/crypto/openssl/crypto/asn1/bio_asn1.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -138,6 +138,11 @@ static int asn1_bio_free(BIO *b)
     if (ctx == NULL)
         return 0;
 
+    if (ctx->prefix_free != NULL)
+        ctx->prefix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
+    if (ctx->suffix_free != NULL)
+        ctx->suffix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
+
     OPENSSL_free(ctx->buf);
     OPENSSL_free(ctx);
     BIO_set_data(b, NULL);
diff --git a/crypto/openssl/crypto/asn1/bio_ndef.c b/crypto/openssl/crypto/asn1/bio_ndef.c
index d7d7d80eea91..760e4846a474 100644
--- a/crypto/openssl/crypto/asn1/bio_ndef.c
+++ b/crypto/openssl/crypto/asn1/bio_ndef.c
@@ -142,6 +142,9 @@ static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen,
 
     ndef_aux = *(NDEF_SUPPORT **)parg;
 
+    if (ndef_aux == NULL)
+        return 0;
+
     OPENSSL_free(ndef_aux->derbuf);
 
     ndef_aux->derbuf = NULL;
diff --git a/crypto/openssl/crypto/asn1/d2i_pr.c b/crypto/openssl/crypto/asn1/d2i_pr.c
index 7b127d2092fa..2094963036fe 100644
--- a/crypto/openssl/crypto/asn1/d2i_pr.c
+++ b/crypto/openssl/crypto/asn1/d2i_pr.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -78,13 +78,53 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
  * type
  */
 
+static EVP_PKEY *key_as_pkcs8(const unsigned char **pp, long length, int *carry_on)
+{
+    const unsigned char *p = *pp;
+    PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
+    EVP_PKEY *ret;
+
+    if (p8 == NULL)
+        return NULL;
+
+    ret = EVP_PKCS82PKEY(p8);
+    if (ret == NULL)
+        *carry_on = 0;
+
+    PKCS8_PRIV_KEY_INFO_free(p8);
+
+    if (ret != NULL)
+        *pp = p;
+
+    return ret;
+}
+
 EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
                              long length)
 {
     STACK_OF(ASN1_TYPE) *inkey;
     const unsigned char *p;
     int keytype;
+    EVP_PKEY *ret = NULL;
+    int carry_on = 1;
+
+    ERR_set_mark();
+    ret = key_as_pkcs8(pp, length, &carry_on);
+    if (ret != NULL) {
+        ERR_clear_last_mark();
+        if (a != NULL)
+            *a = ret;
+        return ret;
+    }
+
+    if (carry_on == 0) {
+        ERR_clear_last_mark();
+        ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,
+                ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+        return NULL;
+    }
     p = *pp;
+
     /*
      * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by
      * analyzing it we can determine the passed structure: this assumes the
@@ -100,28 +140,15 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
         keytype = EVP_PKEY_DSA;
     else if (sk_ASN1_TYPE_num(inkey) == 4)
         keytype = EVP_PKEY_EC;
-    else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
-                                              * traditional format */
-        PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
-        EVP_PKEY *ret;
-
-        sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
-        if (!p8) {
-            ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,
-                    ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
-            return NULL;
-        }
-        ret = EVP_PKCS82PKEY(p8);
-        PKCS8_PRIV_KEY_INFO_free(p8);
-        if (ret == NULL)
-            return NULL;
-        *pp = p;
-        if (a) {
-            *a = ret;
-        }
-        return ret;
-    } else
+    else
         keytype = EVP_PKEY_RSA;
     sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
-    return d2i_PrivateKey(keytype, a, pp, length);
+
+    ret = d2i_PrivateKey(keytype, a, pp, length);
+    if (ret != NULL)
+        ERR_pop_to_mark();
+    else
+        ERR_clear_last_mark();
+
+    return ret;
 }
diff --git a/crypto/openssl/crypto/asn1/t_spki.c b/crypto/openssl/crypto/asn1/t_spki.c
index 64ee77eeecba..3d4aea8ad9a4 100644
--- a/crypto/openssl/crypto/asn1/t_spki.c
+++ b/crypto/openssl/crypto/asn1/t_spki.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/crypto/bio/b_addr.c b/crypto/openssl/crypto/bio/b_addr.c
index b023bbda406b..8ea32bce401b 100644
--- a/crypto/openssl/crypto/bio/b_addr.c
+++ b/crypto/openssl/crypto/bio/b_addr.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -689,7 +689,7 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
         hints.ai_protocol = protocol;
 # ifdef AI_ADDRCONFIG
 #  ifdef AF_UNSPEC
-        if (family == AF_UNSPEC)
+        if (host != NULL && family == AF_UNSPEC)
 #  endif
             hints.ai_flags |= AI_ADDRCONFIG;
 # endif
diff --git a/crypto/openssl/crypto/bio/b_sock2.c b/crypto/openssl/crypto/bio/b_sock2.c
index 80ef348d9254..771729880e4a 100644
--- a/crypto/openssl/crypto/bio/b_sock2.c
+++ b/crypto/openssl/crypto/bio/b_sock2.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -255,7 +255,8 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options)
         }
     }
 
-# ifdef IPV6_V6ONLY
+  /* On OpenBSD it is always ipv6 only with ipv6 sockets thus read-only */
+# if defined(IPV6_V6ONLY) && !defined(__OpenBSD__)
     if (BIO_ADDR_family(addr) == AF_INET6) {
         /*
          * Note: Windows default of IPV6_V6ONLY is ON, and Linux is OFF.
diff --git a/crypto/openssl/crypto/bn/bn_div.c b/crypto/openssl/crypto/bn/bn_div.c
index 286d69c895fd..0da9f39b31a9 100644
--- a/crypto/openssl/crypto/bn/bn_div.c
+++ b/crypto/openssl/crypto/bn/bn_div.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -268,7 +268,7 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
     BIGNUM *tmp, *snum, *sdiv, *res;
     BN_ULONG *resp, *wnum, *wnumtop;
     BN_ULONG d0, d1;
-    int num_n, div_n;
+    int num_n, div_n, num_neg;
 
     assert(divisor->top > 0 && divisor->d[divisor->top - 1] != 0);
 
@@ -326,7 +326,8 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
     /* Setup quotient */
     if (!bn_wexpand(res, loop))
         goto err;
-    res->neg = (num->neg ^ divisor->neg);
+    num_neg = num->neg;
+    res->neg = (num_neg ^ divisor->neg);
     res->top = loop;
     res->flags |= BN_FLG_FIXED_TOP;
     resp = &(res->d[loop]);
@@ -442,7 +443,7 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
         *--resp = q;
     }
     /* snum holds remainder, it's as wide as divisor */
-    snum->neg = num->neg;
+    snum->neg = num_neg;
     snum->top = div_n;
     snum->flags |= BN_FLG_FIXED_TOP;
     if (rm != NULL)
diff --git a/crypto/openssl/crypto/chacha/asm/chacha-x86_64.pl b/crypto/openssl/crypto/chacha/asm/chacha-x86_64.pl
index 227ee59ff2ba..c0e5d863dcb2 100755
--- a/crypto/openssl/crypto/chacha/asm/chacha-x86_64.pl
+++ b/crypto/openssl/crypto/chacha/asm/chacha-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -471,7 +471,7 @@ sub SSSE3ROUND {	# critical path is 20 "SIMD ticks" per round
 	&por	($b,$t);
 }
 
-my $xframe = $win64 ? 32+8 : 8;
+my $xframe = $win64 ? 160+8 : 8;
 
 $code.=<<___;
 .type	ChaCha20_ssse3,\@function,5
@@ -2499,7 +2499,7 @@ sub AVX512ROUND {	# critical path is 14 "SIMD ticks" per round
 	&vprold	($b,$b,7);
 }
 
-my $xframe = $win64 ? 32+8 : 8;
+my $xframe = $win64 ? 160+8 : 8;
 
 $code.=<<___;
 .type	ChaCha20_avx512,\@function,5
@@ -2515,8 +2515,16 @@ ChaCha20_avx512:
 	sub	\$64+$xframe,%rsp
 ___
 $code.=<<___	if ($win64);
-	movaps	%xmm6,-0x28(%r9)
-	movaps	%xmm7,-0x18(%r9)
+	movaps	%xmm6,-0xa8(%r9)
+	movaps	%xmm7,-0x98(%r9)
+	movaps	%xmm8,-0x88(%r9)
+	movaps	%xmm9,-0x78(%r9)
+	movaps	%xmm10,-0x68(%r9)
+	movaps	%xmm11,-0x58(%r9)
+	movaps	%xmm12,-0x48(%r9)
+	movaps	%xmm13,-0x38(%r9)
+	movaps	%xmm14,-0x28(%r9)
+	movaps	%xmm15,-0x18(%r9)
 .Lavx512_body:
 ___
 $code.=<<___;
@@ -2683,8 +2691,16 @@ $code.=<<___;
 	vzeroall
 ___
 $code.=<<___	if ($win64);
-	movaps	-0x28(%r9),%xmm6
-	movaps	-0x18(%r9),%xmm7
+	movaps	-0xa8(%r9),%xmm6
+	movaps	-0x98(%r9),%xmm7
+	movaps	-0x88(%r9),%xmm8
+	movaps	-0x78(%r9),%xmm9
+	movaps	-0x68(%r9),%xmm10
+	movaps	-0x58(%r9),%xmm11
+	movaps	-0x48(%r9),%xmm12
+	movaps	-0x38(%r9),%xmm13
+	movaps	-0x28(%r9),%xmm14
+	movaps	-0x18(%r9),%xmm15
 ___
 $code.=<<___;
 	lea	(%r9),%rsp
@@ -2711,8 +2727,16 @@ ChaCha20_avx512vl:
 	sub	\$64+$xframe,%rsp
 ___
 $code.=<<___	if ($win64);
-	movaps	%xmm6,-0x28(%r9)
-	movaps	%xmm7,-0x18(%r9)
+	movaps	%xmm6,-0xa8(%r9)
+	movaps	%xmm7,-0x98(%r9)
+	movaps	%xmm8,-0x88(%r9)
+	movaps	%xmm9,-0x78(%r9)
+	movaps	%xmm10,-0x68(%r9)
+	movaps	%xmm11,-0x58(%r9)
+	movaps	%xmm12,-0x48(%r9)
+	movaps	%xmm13,-0x38(%r9)
+	movaps	%xmm14,-0x28(%r9)
+	movaps	%xmm15,-0x18(%r9)
 .Lavx512vl_body:
 ___
 $code.=<<___;
@@ -2836,8 +2860,16 @@ $code.=<<___;
 	vzeroall
 ___
 $code.=<<___	if ($win64);
-	movaps	-0x28(%r9),%xmm6
-	movaps	-0x18(%r9),%xmm7
+	movaps	-0xa8(%r9),%xmm6
+	movaps	-0x98(%r9),%xmm7
+	movaps	-0x88(%r9),%xmm8
+	movaps	-0x78(%r9),%xmm9
+	movaps	-0x68(%r9),%xmm10
+	movaps	-0x58(%r9),%xmm11
+	movaps	-0x48(%r9),%xmm12
+	movaps	-0x38(%r9),%xmm13
+	movaps	-0x28(%r9),%xmm14
+	movaps	-0x18(%r9),%xmm15
 ___
 $code.=<<___;
 	lea	(%r9),%rsp
diff --git a/crypto/openssl/crypto/dsa/dsa_prn.c b/crypto/openssl/crypto/dsa/dsa_prn.c
index a4a1fd5650e4..070b881e1fae 100644
--- a/crypto/openssl/crypto/dsa/dsa_prn.c
+++ b/crypto/openssl/crypto/dsa/dsa_prn.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -49,9 +49,11 @@ int DSA_print(BIO *bp, const DSA *x, int off)
     EVP_PKEY *pk;
     int ret;
     pk = EVP_PKEY_new();
-    if (pk == NULL || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
+    if (pk == NULL)
         return 0;
-    ret = EVP_PKEY_print_private(bp, pk, off, NULL);
+    ret = EVP_PKEY_set1_DSA(pk, (DSA *)x);
+    if (ret)
+        ret = EVP_PKEY_print_private(bp, pk, off, NULL);
     EVP_PKEY_free(pk);
     return ret;
 }
@@ -61,9 +63,11 @@ int DSAparams_print(BIO *bp, const DSA *x)
     EVP_PKEY *pk;
     int ret;
     pk = EVP_PKEY_new();
-    if (pk == NULL || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
+    if (pk == NULL)
         return 0;
-    ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
+    ret = EVP_PKEY_set1_DSA(pk, (DSA *)x);
+    if (ret)
+        ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
     EVP_PKEY_free(pk);
     return ret;
 }
diff --git a/crypto/openssl/crypto/ec/ec2_oct.c b/crypto/openssl/crypto/ec/ec2_oct.c
index 48543265eeab..788e6501fbcd 100644
--- a/crypto/openssl/crypto/ec/ec2_oct.c
+++ b/crypto/openssl/crypto/ec/ec2_oct.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -247,9 +247,21 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
         ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
         return 0;
     }
-    form = buf[0];
-    y_bit = form & 1;
-    form = form & ~1U;
+
+    /*
+     * The first octet is the point converison octet PC, see X9.62, page 4
+     * and section 4.4.2.  It must be:
+     *     0x00          for the point at infinity
+     *     0x02 or 0x03  for compressed form
+     *     0x04          for uncompressed form
+     *     0x06 or 0x07  for hybrid form.
+     * For compressed or hybrid forms, we store the last bit of buf[0] as
+     * y_bit and clear it from buf[0] so as to obtain a POINT_CONVERSION_*.
+     * We error if buf[0] contains any but the above values.
+     */
+    y_bit = buf[0] & 1;
+    form = buf[0] & ~1U;
+
     if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
         && (form != POINT_CONVERSION_UNCOMPRESSED)
         && (form != POINT_CONVERSION_HYBRID)) {
@@ -261,6 +273,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
         return 0;
     }
 
+    /* The point at infinity is represented by a single zero octet. */
     if (form == 0) {
         if (len != 1) {
             ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
@@ -312,11 +325,23 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
             goto err;
         }
         if (form == POINT_CONVERSION_HYBRID) {
-            if (!group->meth->field_div(group, yxi, y, x, ctx))
-                goto err;
-            if (y_bit != BN_is_odd(yxi)) {
-                ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-                goto err;
+            /*
+             * Check that the form in the encoding was set correctly
+             * according to X9.62 4.4.2.a, 4(c), see also first paragraph
+             * of X9.62, 4.4.1.b.
+             */
+            if (BN_is_zero(x)) {
+                if (y_bit != 0) {
+                    ECerr(ERR_LIB_EC, EC_R_INVALID_ENCODING);
+                    goto err;
+                }
+            } else {
+                if (!group->meth->field_div(group, yxi, y, x, ctx))
+                    goto err;
+                if (y_bit != BN_is_odd(yxi)) {
+                    ECerr(ERR_LIB_EC, EC_R_INVALID_ENCODING);
+                    goto err;
+                }
             }
         }
 
diff --git a/crypto/openssl/crypto/ec/ec_asn1.c b/crypto/openssl/crypto/ec/ec_asn1.c
index e497a259095d..c8ee1e6f1762 100644
--- a/crypto/openssl/crypto/ec/ec_asn1.c
+++ b/crypto/openssl/crypto/ec/ec_asn1.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/crypto/err/openssl.txt b/crypto/openssl/crypto/err/openssl.txt
index b22e8a735ccf..846c896359cb 100644
--- a/crypto/openssl/crypto/err/openssl.txt
+++ b/crypto/openssl/crypto/err/openssl.txt
@@ -1160,6 +1160,7 @@ SSL_F_FINAL_EC_PT_FORMATS:485:final_ec_pt_formats
 SSL_F_FINAL_EMS:486:final_ems
 SSL_F_FINAL_KEY_SHARE:503:final_key_share
 SSL_F_FINAL_MAXFRAGMENTLEN:557:final_maxfragmentlen
+SSL_F_FINAL_PSK:639:final_psk
 SSL_F_FINAL_RENEGOTIATE:483:final_renegotiate
 SSL_F_FINAL_SERVER_NAME:558:final_server_name
 SSL_F_FINAL_SIG_ALGS:497:final_sig_algs
@@ -1653,6 +1654,7 @@ X509V3_F_I2S_ASN1_ENUMERATED:121:i2s_ASN1_ENUMERATED
 X509V3_F_I2S_ASN1_IA5STRING:149:i2s_ASN1_IA5STRING
 X509V3_F_I2S_ASN1_INTEGER:120:i2s_ASN1_INTEGER
 X509V3_F_I2V_AUTHORITY_INFO_ACCESS:138:i2v_AUTHORITY_INFO_ACCESS
+X509V3_F_I2V_AUTHORITY_KEYID:173:i2v_AUTHORITY_KEYID
 X509V3_F_LEVEL_ADD_NODE:168:level_add_node
 X509V3_F_NOTICE_SECTION:132:notice_section
 X509V3_F_NREF_NOS:133:nref_nos
@@ -1693,6 +1695,7 @@ X509V3_F_V2I_SUBJECT_ALT:154:v2i_subject_alt
 X509V3_F_V2I_TLS_FEATURE:165:v2i_TLS_FEATURE
 X509V3_F_V3_GENERIC_EXTENSION:116:v3_generic_extension
 X509V3_F_X509V3_ADD1_I2D:140:X509V3_add1_i2d
+X509V3_F_X509V3_ADD_LEN_VALUE:174:x509v3_add_len_value
 X509V3_F_X509V3_ADD_VALUE:105:X509V3_add_value
 X509V3_F_X509V3_EXT_ADD:104:X509V3_EXT_add
 X509V3_F_X509V3_EXT_ADD_ALIAS:106:X509V3_EXT_add_alias
@@ -2742,6 +2745,7 @@ SSL_R_MISSING_DSA_SIGNING_CERT:165:missing dsa signing cert
 SSL_R_MISSING_ECDSA_SIGNING_CERT:381:missing ecdsa signing cert
 SSL_R_MISSING_FATAL:256:missing fatal
 SSL_R_MISSING_PARAMETERS:290:missing parameters
+SSL_R_MISSING_PSK_KEX_MODES_EXTENSION:310:missing psk kex modes extension
 SSL_R_MISSING_RSA_CERTIFICATE:168:missing rsa certificate
 SSL_R_MISSING_RSA_ENCRYPTING_CERT:169:missing rsa encrypting cert
 SSL_R_MISSING_RSA_SIGNING_CERT:170:missing rsa signing cert
@@ -2785,6 +2789,7 @@ SSL_R_NO_VALID_SCTS:216:no valid scts
 SSL_R_NO_VERIFY_COOKIE_CALLBACK:403:no verify cookie callback
 SSL_R_NULL_SSL_CTX:195:null ssl ctx
 SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed
+SSL_R_OCSP_CALLBACK_FAILURE:294:ocsp callback failure
 SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned
 SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\
 	old session compression algorithm not returned
diff --git a/crypto/openssl/crypto/evp/e_aes.c b/crypto/openssl/crypto/evp/e_aes.c
index 4640c7528a20..715fac9f88df 100644
--- a/crypto/openssl/crypto/evp/e_aes.c
+++ b/crypto/openssl/crypto/evp/e_aes.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -611,22 +611,22 @@ void aes_t4_decrypt(const unsigned char *in, unsigned char *out,
  */
 void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
                            size_t len, const AES_KEY *key,
-                           unsigned char *ivec);
+                           unsigned char *ivec, int /*unused*/);
 void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
                            size_t len, const AES_KEY *key,
-                           unsigned char *ivec);
+                           unsigned char *ivec, int /*unused*/);
 void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
                            size_t len, const AES_KEY *key,
-                           unsigned char *ivec);
+                           unsigned char *ivec, int /*unused*/);
 void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
                            size_t len, const AES_KEY *key,
-                           unsigned char *ivec);
+                           unsigned char *ivec, int /*unused*/);
 void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
                            size_t len, const AES_KEY *key,
-                           unsigned char *ivec);
+                           unsigned char *ivec, int /*unused*/);
 void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
                            size_t len, const AES_KEY *key,
-                           unsigned char *ivec);
+                           unsigned char *ivec, int /*unused*/);
 void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
                              size_t blocks, const AES_KEY *key,
                              unsigned char *ivec);
@@ -1168,9 +1168,9 @@ typedef struct {
 static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                               const unsigned char *iv, int enc);
*** 1967 LINES SKIPPED ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202109010429.1814T2xP021459>